> > - A session file is created associated to a user each time that user logs > in. Is this ok? >
Yes, it is OK. > - My users make a login through auth.login_bare(user, password), does this > create a session file then? > Yes. > - What should be the code to remove the session file of a user when he/she > makes a logout? > The session filename is stored in response.session_filename, so you could do it in an onlogout callback. Perhaps we should make this the default whenever session.renew() is called (which happens by default when someone logs in or out), since the old file gets abandoned at that point. Maybe open an issue on Google Code and refer to this post. Also, there is a script you can use to periodically clean up the sessions: https://github.com/web2py/web2py/blob/master/scripts/sessions2trash.py > - I've set my auth.settings.expiration to 999999999, does this affect to > sessions too? As far as I know it only affects to when an inactive user is > automatically logged out, is this correct? > That won't affect the session. However, if you use the "remember me" option at login, then auth.settings.long_expiration will determine how long the session cookie remains valid (still won't have any effect on keeping/removing the session file itself, though). > - Testing this I've seen that with no logged users in my server, if I > manually remove the sessions files, some of them are created again!! Why > and how? As I said I have no users logged in the server. > A session file is created whenever a new visitor visits the site and anything is saved to the session (whether or not the user is logged in). Sessions are not used only for logged in users, but can be used for any visitor. If you navigate to a page with a form (e.g., the login or register pages), for example, the session will be used (to store the CSRF token) -- even if you don't actually submit the form. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
